Browse Source

update changelog and bump version to v0.32.6

pull/4050/head
Anton Kaliaev 5 years ago
parent
commit
143b2b85c3
No known key found for this signature in database GPG Key ID: 7B6881D965918214
3 changed files with 25 additions and 2 deletions
  1. +23
    -0
      CHANGELOG.md
  2. +1
    -1
      CHANGELOG_PENDING.md
  3. +1
    -1
      version/version.go

+ 23
- 0
CHANGELOG.md View File

@ -1,5 +1,28 @@
# Changelog
## v0.32.6
*October XXX, 2019*
The previous patch was insufficient because the attacker could still find a way
to submit a `nil` pubkey by constructing a `PubKeyMultisigThreshold` pubkey
with `nil` subpubkeys for example.
This release provides multiple fixes, which include recovering from panics when
accepting new peers and only allowing `ed25519` pubkeys.
**All clients are recommended to upgrade**
Special thanks to [fudongbai](https://hackerone.com/fudongbai) for pointing
this out.
Friendly reminder, we have a [bug bounty
program](https://hackerone.com/tendermint).
### SECURITY:
- [p2p] [\#4030](https://github.com/tendermint/tendermint/issues/4030) Only allow ed25519 pubkeys when connecting
## v0.32.5
*October 1, 2019*


+ 1
- 1
CHANGELOG_PENDING.md View File

@ -1,4 +1,4 @@
## v0.32.6
## v0.32.7
\*\*


+ 1
- 1
version/version.go View File

@ -20,7 +20,7 @@ const (
// Must be a string because scripts like dist.sh read this file.
// XXX: Don't change the name of this variable or you will break
// automation :)
TMCoreSemVer = "0.32.5"
TMCoreSemVer = "0.32.6"
// ABCISemVer is the semantic version of the ABCI library
ABCISemVer = "0.16.1"


Loading…
Cancel
Save